Report: Audit Committee - January 22, 2025

REPORT NUMBER 161 OF THE AUDIT COMMITTEE

WEDNESDAY, JANUARY 22, 2025

CLOSED SESSION 

1. Chair’s Remarks
   
   The Chair welcomed members and guests to the meeting. 
2. Reports of the Administrative Assessors
   
   Professor Scott Mabury, Vice-President Operations & Real Estate Partnerships, provided an update on an ongoing confidential matter raised at the previous Committee meeting. He reported that discussions were progressing with a focus on ensuring academic continuity for affected students while appropriately managing institutional obligations. Regular consultations with University legal counsel have resulted in a structured approach to resolution. Professor Mabury indicated that several previously identified concerns had been substantially addressed, with June 2025, highlighted as a significant contractual milestone in the resolution timeline.
   
   Professor Mabury also updated the Committee on ongoing process improvements and development of a new monitoring framework for purchase card usage.
   
   Discussion
   
   In response to questions about Information Security Dashboards, Professor Mabury discussed infrastructure security coverage across divisions and opportunities to enhance integration of IT services. He committed to providing detailed divisional dashboard information to committee members.
3. Risk Presentations
   1. Research Security
      
      
      Professor Leah Cowen, Vice-President, Research and Innovation, presented on the University's approach to research security risks and mitigation strategies. The presentation outlined four primary risk categories: geopolitical risks, including research theft and cybersecurity threats; reputational risks affecting public trust and global partnerships; funding risks related to compliance requirements and changing regulatory landscapes; and risks to inclusion and academic freedom.
      
      The University has established several institutional supports, including a Research Security Team formed in 2022 with dedicated resources for providing guidance on international partnerships and research agreements. The presentation detailed ongoing work with external stakeholders, including leadership of various working groups and communities of practice.
      
      Professor Cowen noted that despite mitigation efforts, residual risk remains at medium level due to evolving policy landscapes and potential funding impacts.
      
      Discussion
      
      In response to questions from members, Professor Cowen clarified that while the federal government and University maintain a country-agnostic approach to research partnerships, there are specific entities designated as restricted. Committee members inquired about the management of secondary partnership risks, particularly regarding multi-author papers and indirect research connections. Professor Cowen explained that mitigation statements can be included in research proposals to address such concerns.
      
      Professor Cowen also discussed the operational structure of the Research Security Team, noting that it serves in an advisory rather than gate-keeping capacity. The Committee then discussed the implications of having researchers personally assume responsibility through attestations rather than institutional sign-off.
      
      Questions were also raised about additional strategies to reduce residual risk and Professor Cowen explained that ongoing uncertainties in the international research landscape make further risk reduction challenging at present. The discussion concluded with consideration of processes for removing entities from restricted lists and the role of technology in security processes.
       
   2. Enrolment
      
      Professor Trevor Young, Vice-President & Provost, presented on enrolment and retention risks. The presentation detailed current enrolment statistics showing domestic undergraduate intake increased 8% for Fall 2024, while international intake faced some challenges with a 6% decrease. Key mitigation strategies were outlined, including diversification of international recruitment and enhanced student support services. The total financial variance to budget was noted at $22.9 million based on December 2024 forecasts.
      
      Discussion
      
      Members discussed the financial implications of current enrolment patterns and examined proposed mitigation strategies. Questions centered on long-term planning for international student recruitment and the required supporting services. The discussion also included consideration of housing capacity and student support infrastructure.
       
   3. Misbehavior
      
      The Vice-President & Provost presented on misbehaviour risks related to students, faculty, and librarians. The presentation identified four key categories of misbehaviour that could impact the University: disruptive behavior including meeting disruptions and harassment; vandalism or theft of University property; violence or threats of violence; and other violations of University policies and codes of conduct. Each category was examined in terms of potential financial, reputational, and operational impacts.
      
      Professor Young also outlined several recently implemented mitigation measures, including the User Guide for University Policies on Protest and Use of Campus Space (August 2024), ongoing implementation of Bill 166 requirements, and a comprehensive review of student mental health services. Current policy reviews were also highlighted, including updates to the Sexual Violence and Sexual Harassment Policy and the Statement on Prohibited Discrimination and Discriminatory Harassment. Student survey data was presented showing that 86% of both domestic and international students reported feeling safe on campus.
4. Digital Transformation Initiatives
   
   The Chair welcomed Professor Susan McCahan, Associate Vice-President & Vice-Provost, Digital Strategies, and Ms Donna Kidwell, Chief Information Security Officer, and Acting Chief Information Officer, to the meeting.
   
   Professor McCahan presented on strategic priorities and initiatives for digital transformation across the University. The role, reporting jointly to the Vice-President & Provost and Vice-President, Operations & Real Estate Partnerships, was described as working in close collaboration with the Chief Information Officer, Chief Information Security Officer, and Executive Director of Institutional Research and Data Governance. Two main priorities were outlined: Priority One: Institutional and Divisional Systems Coordination The presentation detailed objectives for coordinating institutional and distributed IT services, implementing AI taskforce recommendations, and steering toward a maintainable, secure IT environment. This included plans for developing a comprehensive U of T Digital Master Plan and establishing guidelines for system selection and data project prioritization. Priority Two: Institutional Academic & Student Applications (IASA) Renovation Three key initiatives were presented:
   • Cataloguing and mapping the IASA ecosystem, which encompasses over 100 applications supporting the student lifecycle
   • Implementing new governance structures to support transparent decision-making processes
   • Modernizing the Student Information System (ROSI), including development of a program charter and stakeholder engagement plan

The initiatives were noted to align with the IT@UofT Strategic Plan (2025-2027), which encompasses nine key areas including information security, accessibility enhancement, digital learning, and research enablement. Progress metrics and implementation timelines were discussed for each major initiative.

5. Report of the Previous Meeting – Report Number 160 (November 20, 2024)
   
   The report of the previous meeting was approved.  
6. Business Arising from the Report of the Previous Meeting
   
   There was no business arising from the report of the previous meeting. 
7. Date of the Next Meeting: March 5, 2025, 4:00 p.m. – 6:00 p.m.
   
   The Chair confirmed that the next meeting of the Committee would be held on January 22, 2025 
8. Other Business
   
   There was no other business. 

The Committee moved In-Camera.